Abstract

Recently there has been increasing interest in the problem of
knowledge compilation [Selman&Kautz91]. This is the problem of
identifying tractable techniques for determining the consequences of
a knowledge base. We have developed and implemented a technique,
called DRAT, that given a theory, i.e., a collection of first-order
clauses, can often produce a type of decision procedure for that
theory that can be used in the place of a general-purpose first-order
theorem prover for determining many of the consequences of that
theory. Hence, DRAT does a type of knowledge compilation. Central to
the DRAT technique is a type of reformulation in which a problem's
clauses are restated in terms of different nonlogical symbols. The
reformulation is isomorphic in the sense that it does not change the
semantics of a problem.

INTRODUCTION 

Recently there has been increasing interest in the problem
of knowledge compilation [Selman&Kautz91]. This
is the problem of identifying tractable techniques for 
determining the consequences of a knowledge base. 
Most interesting knowledge bases are written in high- 
ly expressive languages for which the general problem 
of complete inference is intractable (e.g., at least NP- 
hard, usually undecidable). Even though the general 
inference problem in such a language is intractable, 
given a particular knowledge base, it is often possi- 
ble to identify a tractable inference procedure that is 
complete for the inferences required in that knowledge 
base. 

We have developed and implemented a technique, called DRAT, that
given a theory, i.e., a collection of first-order clauses, can often
produce a type of decision procedure for that theory. This type of
procedure is called a literal satisfiability procedure. Such a
satisfiability procedure for a theory $T$ decides whether or not a
conjunction of ground literals is satisfiable in $T$. A literal
satisfiability procedure for a theory can be used in the place of a
general-purpose first-order theorem prover for determining many of
the consequences of that theory. Hence, DRAT does a type of knowledge
compilation.

Obviously, we are better off using a satisfiability procedure for
determining the consequences of a theory than we are using a
general-purpose theorem prover because the satisfiability procedure
is guaranteed to halt. However, under what circumstances should we
consider such a procedure tractable? A straightforward way to define
tractability is polynomial-time worst-case complexity and for some
theories DRAT can produce a satisfiability procedure that has this
property. For many other theories, the satisfiability procedures
produced are exponential in the worst case. Note that DRAT can
determine whether a satisfiability procedure it produces has
polynomial or exponential worst-case behavior. In either case, these
procedures are usually much more efficient than a general theorem
prover because the complexity of the theorem prover proving that a
fact $F$ follows from a theory $T$ is a function of the sum of the
size of $F \cup T$, while the complexity of the satisfiability
procedure is a function of the size of $F$.

Even when DRAT cannot produce a literal satisfia- 
bility procedure for an entire theory it is often an im- 
provement to use a procedure for a subset of an input 
theory because such a procedure can be interfaced with 
a general-purpose theorem prover in such a way that 
the procedure and the theorem prover work together 
to determine the consequences of the theory. 

In practice, so long as a procedure can be found for 
a significant subset of the theory, the resulting infer- 
ence systems are much more efficient than the theorem 
prover alone because many of the inferences that the 
theorem prover would have to do are done more effi- 
ciently by the satisfiability procedure. 

Let $\Psi$ be the set of axioms of a problem and let $S$ be the
satisfiability procedure that DRAT designs for $\Psi'$, some subset
of $\Psi$. The theorem prover restricts its manipulation of the
statements in $\Psi'$, using $S$ instead whenever possible. This
paper presents a formalization of DRAT and proves that it is
complete, i.e., that for any first-order statement $\phi$, if
$\Psi \models \phi$, $S$ combined with the theorem prover will prove
$\phi$. We show that DRAT's reformulation greatly increases its
effectiveness and that a solution to a reformulated version of a
problem is guaranteed to be a solution to the original problem.

We present only a brief description of the DRAT algo- 
rithm here. A detailed description of an implementa- 
tion can be found in [VanBaalen89] or [VanBaalen92]. 

DRAT was inspired by human problem solving per- 
formance on analytical tasks of the type found on grad- 
uate level standardized admissions tests. An example 
problem is given in Figure 1. 

Given: M, N, O, P, Q, R, and S are all members of the same family.
N is married to P. S is a grandchild of Q. O is a niece of M. The
mother of S is the only sister of M. R is Q's only child. M has no
brothers. N is a grandfather of O.

Query: Who are the siblings of S?

Figure 1: The FAMILIES Analytical Reasoning Problem

We analyzed human problem-solving behavior on a 
number of these problems and found the prevalent use 
of diagrams to assist in problem solving. Figure 2 il- 
lustrates the typical diagrams people use to solve the 
problem in Figure 1. 



“R is the only child of Q”    “S is a grandchild of Q”
(Divided rectangles represent couples; circles represent sets of
children of the same couple: full circles are closed sets, broken
circles are sets all of whose members may not be known; the directed
arc represents the “children-of” function between couples and their
sets of children.)

Figure 2: Two statements in a representation commonly used by people.

These diagrams were found to contain a common set of structures
(across different people and different problems). The arcs in
Figure 2 are an example of such a structure. They represent the 1-1
function between a married couple and their set of children. Each
common structure was also found to have a standard set of procedures
for manipulating it. For example, one procedure associated with the
arcs in Figure 2 ensures that they behave like a 1-1 function. It
reads roughly as: “If two objects are equal and they appear at the
same end of two separate 1-1 function arcs with the same function
symbol, the arcs and the objects at their other end can be composed.”
This procedure is among those used to compose the structures in
Figure 2 to yield the diagram in Figure 3.

Figure 3: Composition of the structures in Figure 3.

People use these diagrams to test the satisfiability of a particular
collection of facts by creating the structures representing each fact
and then composing them. The conjunction is satisfiable just in case
no contradiction is signalled in the composition process.

DRAT has a library of procedures called schemes. These schemes model
people's diagrammatic structures and their manipulations. Schemes
were found to have a number of important properties which are
described in this paper. Perhaps the most important of these
properties is that each scheme turns out to be a satisfiability
procedure. Another important property of schemes is that they can be
used as building blocks to construct “larger” satisfiability
procedures. DRAT uses this property to construct satisfiability
procedures for input problems.

The implementation of DRAT includes the schemes found in analyzing
the diagrams that people used on thirty analytical tasks. It has been
tested on twelve of these problems stated in a sorted first-order
logic. The problems vary in size from thirty to sixty sorted
first-order statements. The performance of the theorem
prover/satisfiability procedure combinations that DRAT produces for
these problems was at least two orders of magnitude better than the
performance of the theorem prover alone. For example, our general
theorem prover took 988,442 resolutions — three hours and five
minutes — to solve the problem shown in Figure 1. The satisfiability
procedure that DRAT produced was able to solve the problem entirely
without the theorem prover and did so in less than three seconds.

PRELIMINARIES 

Each scheme is a tractable literal satisfiability procedure
for a theory.

Definition 1 A theory is a set of statements in first- 
order predicate calculus with equality. 

Definition 2 A literal satisfiability procedure for a theory $T$ is
a procedure that decides for any conjunction of ground literals
$\Sigma$ whether or not $\Sigma \cup T$ is satisfiable.

Each scheme is tractable in the sense that, given any $\Sigma$
containing $n$ literals, the scheme for a theory $T$ decides the
satisfiability of $\Sigma \cup T$ in time polynomial in $n$.

Given a particular $\Sigma$, in addition to determining literal
satisfiability in some theory $T$, each scheme computes
$\{u = v \mid u, v \in C \wedge \Sigma \cup T \models u = v\}$, where
$C$ is the set of constant symbols appearing in $\Sigma$. As detailed
in section , these equalities are communicated between schemes in a
way that allows the combination of schemes to determine
satisfiability for the union of their theories.

One important result of this research is the particular
library of schemes we have developed from the observation
of human problem solving of analytical tasks.
However, in the formal characterization that follows, 
we abstract away from the detail of the current scheme 
library, identifying the properties of schemes required 
for the completeness of DRAT. 

This paper first takes a simplified view of what DRAT 
will accept as an input problem and also assumes that 
DRAT is only successful if it can produce a satisfiability 
procedure for an entire problem. In this setting, we 
prove that a combination of schemes is a satisfiability 
procedure for the union of the theories of the individual 
schemes. In section , the above restrictions are relaxed 
and it is shown how, in the more general setting, the 
procedures produced by drat are interfaced with a 
theorem prover. 

DRAT requires that the formulas of schemes and the 
formulas of an input problem be converted to clauses,
i.e., disjunctions of first-order literals. The remainder 
of the paper assumes that this has been done. However, 
the presentation will often use more intuitive forms 
for statements, when the conversion to clause form is 
straightforward. 

The restricted definition of a problem taken first is: 


Definition 3 A problem is a triple $\langle \Sigma, T_C, \Phi \rangle$,
where $\Sigma$ and $\Phi$ are sets of ground literals and $T_C$ is a
set of clauses each of which contains at least one variable. Such a
triple is interpreted as a question about whether or not for all the
ground literals $\phi \in \Phi$, $\Sigma \cup T_C \models \phi$.


Here is an example problem:

$$\Sigma_1 = \{\, grandfather(O, N),\ married(N, P),\ grandchild(S, Q),\ niece(O, M),\ M \neq N,\ N \neq O,\ \ldots \,\}$$

$$T_{C_1} = \{\, mother(S, x) \Leftrightarrow sister(M, x),\ (sister(M, x) \wedge sister(M, y)) \Rightarrow x = y,\ child(Q, x) \Leftrightarrow x = R,\ \neg brother(M, x),\ \ldots \,\}$$

$$\Phi_1 = \{\, sibling(O, S),\ child(N, M) \,\}$$

In addition to those axioms shown, $\Sigma_1$ also contains
disequalities between all of the individual constants mentioned.
$T_{C_1}$ also contains definitions of concepts such as grandchild
and formulas defining general properties of the family relation
domain such as symmetry of married.


Given a problem $\langle \Sigma, T_C, \Phi \rangle$, DRAT's objective
is to design a literal satisfiability procedure for $T_C$. This
procedure is used to solve the problem for the particular $\Sigma$
and $\Phi$. To determine whether for some $\phi \in \Phi$,
$\Sigma \cup T_C \models \phi$, the satisfiability procedure for
$T_C$ is used to decide whether or not
$\Sigma \cup T_C \cup \neg\phi$ is unsatisfiable. For example, DRAT
tries to design a satisfiability procedure for $T_{C_1}$. If
successful, the procedure is used to decide whether “O is a sibling
of S” and “M is a child of N” follow from $\Sigma_1 \cup T_{C_1}$ by
determining the satisfiability of
$\Sigma_1 \cup T_{C_1} \cup \neg sibling(O, S)$ and of
$\Sigma_1 \cup T_{C_1} \cup \neg child(N, M)$.

Obviously, we are better off using a satisfiability procedure for
$T_C$ to solve a problem $\langle \Sigma, T_C, \Phi \rangle$ than
using a general theorem prover because the satisfiability procedure
is guaranteed to halt. Perhaps less obvious is the fact that these
procedures are usually much more efficient than a general theorem
prover. The intuition behind this is that the complexity of the
theorem prover solving the problem is a function of the size of the
entire problem, while the complexity of the satisfiability procedure
is a function of the size of $\Sigma \cup \Phi$. As pointed out in
section , this intuition is substantiated by the performance of the
procedures that DRAT has designed.

THE DRAT TECHNIQUE 

We will call the relation, function and individual constant symbols
in a theory the nonlogical symbols of that theory. The nonlogical
symbols of each scheme's theory are treated as parameters to be
instantiated with the nonlogical symbols of $T_C$. For example, the
scheme Symmetric, whose theory is $\{R(x, y) \Rightarrow R(y, x)\}$,
is parameterized by $R$.

DRAT tries to find a set of scheme instances that can be combined to
give a literal satisfiability procedure for $T_C$. Consider a set of
scheme instances. Call the union of the theories of each scheme
instance $T_I$. DRAT has succeeded in finding a satisfiability
procedure when it finds a $T_I$ that is logically equivalent to
$T_C$. The following is an abstract description of this process:

    instances ← ∅
    T_I ← ∅
    T'_C ← T_C
    UNTIL empty(T'_C) DO
      instance ← choose-instance(T'_C)
      IF null(instance) THEN EXIT-WITH failure
      instances ← union(instance, instances)
      T_I ← union(theory(instance), T_I)
      FOR EACH φ ∈ T'_C
        WHEN T_I ⊨ φ DO T'_C ← T'_C − φ
      END FOR
    END UNTIL

A set of scheme instances is built up incrementally and,
simultaneously, the set of clauses in $T'_C$ is pared down. Each time
choose-instance is invoked, it inspects $T'_C$ and chooses a scheme
instance whose theory is entailed by $T'_C$. After the theory of
instance is added to $T_I$, DRAT removes clauses from $T'_C$ that are
entailed by $T_I$.

DRAT uses the following procedure for computing satisfiability in
$T_I$ to determine the $\phi \in T'_C$ that follow from $T_I$. For
each clause $\phi$, it creates $\phi'$ by substituting a new
individual constant for each unique variable in $\phi$. If the
satisfiability procedure for $T_I$ reports that
$\neg\phi' \cup T_I$ is unsatisfiable, $T_I \models \phi$.

If the algorithm is exited with $T'_C$ empty, DRAT has succeeded in
finding a $T_I$ that is equivalent to $T_C$. To see this, note that
$T'_C \cup T_I \equiv T_C$ is an invariant of the loop. Adding
theory(instance) to $T_I$ does not violate this condition because
$T_C \models$ theory(instance). Removing from $T'_C$ clauses $\phi$
such that $T_I \models \phi$ also does not violate the condition.

If the algorithm is exited because choose-instance returns nil, it
has failed to find a $T_I$ that is equivalent to $T_C$.

Note that this algorithm is nondeterministic because, in general, on
a call to choose-instance, there are several instances from which to
choose. The DRAT implementation searches for an appropriate
collection of scheme instances. This search is reduced considerably
by the fact that scheme instances in $T_I$ may not share nonlogical
symbols. As discussed in section , this restriction is required to
allow schemes to be combined by the method described below. More
detail on how the DRAT implementation controls this search can be
found in [VanBaalen92].

A PROCEDURE FOR COMBINING SCHEMES

Since $T_I$ is the theory of a set of scheme instances, so long as
these instances do not share nonlogical symbols, DRAT has a
satisfiability procedure for $T_I$. This procedure is the combination
of schemes used to create $T_I$. DRAT's combination technique is the
same technique as reported by Nelson & Oppen in [Nelson&Oppen79] and
a more detailed description than what follows can be found there.

Let $\mathcal{L}(T)$ be the set of nonlogical symbols appearing in
the clauses of $T$. We will often refer to $\mathcal{L}(T)$ as the
language of $T$. Consider two scheme instances, $T_1$ and $T_2$,
where $\mathcal{L}(T_1)$ is disjoint from $\mathcal{L}(T_2)$, and
consider a conjunction of literals $\Sigma$ in
$\mathcal{L}(T_1 \cup T_2)$. The procedure for deciding the
satisfiability of $\Sigma \cup T_1 \cup T_2$ begins by splitting
$\Sigma$ into two conjunctions of literals: $\Sigma_1$, with literals
in $\mathcal{L}(T_1)$, and $\Sigma_2$, with literals in
$\mathcal{L}(T_2)$, such that the conjunction of literals in
$\Sigma_1$ and $\Sigma_2$ is satisfiable just in case $\Sigma$ is.

When a literal in $\Sigma$ contains nonlogical symbols from
$\mathcal{L}(T_1 \cup T_2)$, remove each subterm whose function
symbol is not in the language of the head symbol of the term. A
subterm is removed by substituting a new constant symbol for that
subterm in the literal and conjoining an equality between the term
and the new symbol with the proper $\Sigma_i$. For example, suppose
$R$ is in $\mathcal{L}(T_1)$, $f$ is in $\mathcal{L}(T_2)$ and
$\Sigma$ contains the literal $R(f(a))$. The embedded term is in the
wrong language, so it is removed. This is done by substituting a new
constant, say $b$, for $f(a)$ in $R(f(a))$ to obtain $R(b)$ and
conjoining $b = f(a)$ with $\Sigma_2$.

For each literal in $\Sigma$, this technique is applied repeatedly to
the rightmost function symbol in the wrong language until the literal
no longer contains symbols in the wrong language. Then the literal is
conjoined with the appropriate $\Sigma_i$. For instance, $R(b)$ from
the example above contains no symbols in the wrong language so it is
conjoined with $\Sigma_1$.
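
The splitting step described above, as an added example (not code from the paper or from the DRAT implementation): terms are nested tuples and constants are strings shared by both theories. The names `purify`, `lang` and the fresh constants `k1`, `k2`, ... are assumptions made for this example.

```python
import itertools

def purify(literals, lang):
    """Split mixed ground literals into one conjunction per theory.

    literals: list of (sign, term); a term is a constant (str) or a tuple
              (symbol, arg1, ...). '=' may head an equality literal.
    lang:     maps every predicate/function symbol to theory 1 or 2.
    Returns {1: [...], 2: [...]}; each literal uses symbols of one theory.
    """
    fresh = (f"k{i}" for i in itertools.count(1))  # supply of new constants
    out = {1: [], 2: []}

    def owner_of(term):
        # '=' is a logical symbol: file the literal under the theory of
        # its first compound side.
        if term[0] != "=":
            return lang[term[0]]
        for side in term[1:]:
            if not isinstance(side, str):
                return lang[side[0]]
        return 1  # equality between constants: either theory may hold it

    def strip(term, owner):
        # Rebuild `term` so that every symbol in it belongs to `owner`.
        if isinstance(term, str):
            return term
        head, *args = term
        if head != "=" and lang[head] != owner:
            # Subterm in the wrong language: name it with a new constant
            # and conjoin the defining equality with the other theory.
            name = next(fresh)
            alien = lang[head]
            out[alien].append((True, ("=", name, strip(term, alien))))
            return name
        return (head, *(strip(a, owner) for a in args))

    for sign, term in literals:
        owner = owner_of(term)
        out[owner].append((sign, strip(term, owner)))
    return out

# Constructed inputs: the literal R(f(a)) from the text, with R in L(T1)
# and f in L(T2), and a deeper literal "not R(f(g(a)))" with g in L(T1).
LANG = {"R": 1, "g": 1, "f": 2}
PAPER_CASE = purify([(True, ("R", ("f", "a")))], LANG)
NESTED_CASE = purify([(False, ("R", ("f", ("g", "a"))))], LANG)
```
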

Next the scheme for $T_1$ is used to determine the satisfiability of
$\Sigma_1 \cup T_1$. Recall that in so doing, this scheme also
computes the set of equalities between constants in $\Sigma_1$ that
follow from $\Sigma_1 \cup T_1$. Call this set $E_1$. The scheme for
$T_2$ is used to determine the satisfiability of
$\Sigma_2 \cup T_2 \cup E_1$. If it is satisfiable, $E_2$, the set of
equalities that follow from $\Sigma_2 \cup T_2 \cup E_1$, is
propagated back to $T_1$, i.e., $T_1$ is used to compute
$\Sigma_1 \cup T_1 \cup E_2$.

This propagation of equalities continues until one of the schemes
reports “unsatisfiable” or until no new equalities are computed. Note
that since there are at most $n - 1$ nonredundant equalities between
$n$ constant symbols, this process will terminate. Unless the scheme
for $T_1$ or $T_2$ reports “unsatisfiable,” the procedure for the
combination returns “satisfiable.”
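
Equality propagation between two convex schemes, as an added example (not the paper's or Nelson and Oppen's code): each toy scheme is a congruence closure over flat literals, and the second also treats its function as 1-1, like the arcs of Figure 2. The class and function names and the sample literals are constructed for this example; case splitting for nonconvex schemes is not covered.

```python
from itertools import combinations

class Scheme:
    """Toy literal satisfiability procedure over flat ground literals.

    defs: (result, func, arg) triples meaning result = func(arg)
    eqs, neqs: pairs of constants asserted equal / unequal
    injective: also apply func(a) = func(b) => a = b (a 1-1 function)
    """
    def __init__(self, defs, eqs=(), neqs=(), injective=False):
        self.defs, self.eqs, self.neqs = list(defs), list(eqs), list(neqs)
        self.injective = injective

    def check(self, shared_eqs=()):
        """Return (satisfiable, equalities between constants that follow)."""
        parent = {}
        def find(x):
            parent.setdefault(x, x)
            while parent[x] != x:
                parent[x] = parent[parent[x]]
                x = parent[x]
            return x
        def union(a, b):
            parent[find(a)] = find(b)

        for a, b in self.eqs + list(shared_eqs):
            union(a, b)
        changed = True
        while changed:  # close under congruence (and injectivity)
            changed = False
            for (r1, f1, a1), (r2, f2, a2) in combinations(self.defs, 2):
                if f1 != f2:
                    continue
                if find(a1) == find(a2) and find(r1) != find(r2):
                    union(r1, r2); changed = True
                if self.injective and find(r1) == find(r2) and find(a1) != find(a2):
                    union(a1, a2); changed = True
        if any(find(a) == find(b) for a, b in self.neqs):
            return False, set()
        implied = {(a, b) for a, b in combinations(sorted(parent), 2)
                   if find(a) == find(b)}
        return True, implied

def combine(s1, s2):
    """Pass implied equalities back and forth until a scheme reports
    unsatisfiable or no new equality appears."""
    shared = set()
    while True:
        progress = False
        for scheme in (s1, s2):
            ok, implied = scheme.check(shared)
            if not ok:
                return "unsatisfiable"
            if not implied <= shared:
                shared |= implied
                progress = True
        if not progress:
            return "satisfiable"

# Constructed sample: g is uninterpreted (scheme 1), h is 1-1 (scheme 2).
# Sigma_1: c1 = g(a), c2 = g(b)
# Sigma_2: d1 = h(a), d2 = h(b), d1 = d2, e1 = h(c1), e2 = h(c2), e1 != e2
S1 = Scheme(defs=[("c1", "g", "a"), ("c2", "g", "b")])
S2 = Scheme(defs=[("d1", "h", "a"), ("d2", "h", "b"),
                  ("e1", "h", "c1"), ("e2", "h", "c2")],
            eqs=[("d1", "d2")], neqs=[("e1", "e2")], injective=True)
# Same as S2 without d1 = d2, so a = b no longer follows.
S2_LOOSE = Scheme(defs=S2.defs, neqs=S2.neqs, injective=True)
```

Each scheme is satisfiable on its own; the contradiction only appears after `a = b` travels from the second scheme to the first and `c1 = c2` travels back.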

A complication to this equality propagation procedure is that given a
set of ground literals, many tractable schemes imply disjunctions of
equalities between constants without implying any of the disjuncts
alone, a property called nonconvexity in [Nelson&Oppen79]. An example
of a convex scheme is one that determines satisfiability for the
theory of equality with uninterpreted function symbols. An example of
a nonconvex scheme is one for the theory of sets. To see this, note
that $\{a, b\} = \{c, d\}$ implies $a = c \vee a = d$, but does not
imply either equality alone.

A scheme associated with a nonconvex theory must compute disjunctions
of equalities between constants that follow from a given conjunction
of ground literals. The equality propagation procedure is extended to
handle such schemes by case splitting when a nonconvex scheme
produces a disjunction. When one of the component schemes produces
the disjunction $c_1 = d_1 \vee \cdots \vee c_n = d_n$, the combined
satisfiability procedure is applied recursively to the conjunctions
$\Sigma_1 \cup \Sigma_2 \cup \{c_1 = d_1\}, \ldots,
\Sigma_1 \cup \Sigma_2 \cup \{c_n = d_n\}$. If any of these is
satisfiable, “satisfiable” is returned, otherwise “unsatisfiable” is
returned.

As a simple example of this procedure, consider two schemes:
$\mathcal{E}$ for the theory of equality with uninterpreted function
symbols and $\mathcal{S}$ for the theory of finite sets. Now consider
whether

$$\Sigma = \{\, f(a) = \{b, g\} \wedge f(c) = \{d, e\} \wedge a = c \wedge g \neq d \wedge g \neq e \wedge b \neq d \wedge b \neq e \,\}$$

is satisfiable. First $\Sigma$ is split into

$$\Sigma_1 = \{\, a = c \wedge g \neq d \wedge g \neq e \wedge b \neq d \wedge b \neq e \wedge f(a) = c_1 \wedge f(c) = c_2 \,\}$$

$$\Sigma_2 = \{\, c_1 = \{b, g\} \wedge c_2 = \{d, e\} \,\}.$$

$\mathcal{E}$ is run on $\Sigma_1$ and determines that $c_1 = c_2$.
$\mathcal{S}$ is run on $\Sigma_2 \cup \{c_1 = c_2\}$ which produces
the disjunction $b = d \vee b = e$. The procedure is now invoked
recursively for $\Sigma_1 \cup \Sigma_2 \cup \{b = d\}$ and
$\Sigma_1 \cup \Sigma_2 \cup \{b = e\}$. In both calls, $\Sigma_2$
produces the disjunction $g = d \vee g = e$ which is unsatisfiable.
Therefore, both calls return “unsatisfiable,” hence
$\Sigma \cup \mathcal{E} \cup \mathcal{S}$ is unsatisfiable.

We place one additional requirement on schemes to make the equality
propagation procedure practical. Schemes must be incremental. This
means that a scheme must be able to save its “state” when a
conjunction of literals is satisfiable and it must be able to use the
saved state to determine the satisfiability of larger conjunctions at
incremental cost.

REFORMULATION 

The DRAT technique as described in section is severely limited by the
way in which a problem is stated. Often, it is much more successful
with an equivalent formulation of the problem stated in terms of a
different collection of nonlogical symbols. For instance, recall the
problem about family relations given in section . It was stated in
terms of the binary relation child. It turns out that, given the
current scheme library, the DRAT implementation is much more
successful when the problem is stated in terms of parents, a function
from an individual to his or her set of parents. One reason this
formulation is better is that the library contains a scheme for a
theory of fixed sized sets. DRAT discovers an instance of this scheme
that allows it to remove several general clauses from the problem
including one that limits the size of parent sets to two.

In an effort to circumvent this sensitivity to a problem's
formulation, DRAT is able to reformulate a problem in terms of new
nonlogical symbols without changing the “meaning” of the problem.
Choose-instance is often able to find scheme instances in
reformulated problems where it was unable to do so in the initial
formulations. DRAT's reformulation technique is modeled after the
reformulation that people do in solving analytical tasks. For an
example of this refer again to the problem and diagrams given in
section . In the diagrams appear concepts such as “married couples”
and “sets of children of the same couple.” These concepts are not
present in the initial problem formulation — the problem has been
reformulated.

drat does a particular kind of reformulation called 
isomorphic reformulation in [Korf80]. We formalize 
isomorphic reformulation as a relation between theo- 
ries. 

Definition 4 A reformulation map
$\mathcal{R}_{\mathcal{L}_1,\mathcal{L}_2}$ between two languages
$\mathcal{L}_1$ and $\mathcal{L}_2$ is a function from clauses in
$\mathcal{L}_1$ to sets of clauses in $\mathcal{L}_2$.

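Definition 5 A theory $T_2$ is an isomorphic reformulation of a
theory $T_1$ just in case there exists a reformulation map
$\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}$ such that

$$T_1 \models \phi \Leftrightarrow T_2 \models \mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(\phi),$$

for every clause $\phi$ in $\mathcal{L}(T_1)$.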

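If $T_2$ is an isomorphic reformulation of $T_1$, any question we
have about what clauses are entailed by $T_1$ can be answered by
theorem proving in $T_2$. Given the question, “does
$T_1 \models \phi$?” we use
$\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}$ to translate $\phi$
into $\mathcal{L}(T_2)$ and then attempt to prove that
$T_2 \models \mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(\phi)$.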

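As a simple example of isomorphic reformulation, consider the
following two theories:

$$T_1 = \{\, R(x, x),\ \ R(x, y) \Rightarrow R(y, x),\ \ R(x, y) \wedge R(y, z) \Rightarrow R(x, z) \,\}$$

$$T_2 = \{\, x \in R\text{-}class(x),\ \ x \in R\text{-}class(y) \Rightarrow y \in R\text{-}class(x),\ \ x \in R\text{-}class(y) \wedge y \in R\text{-}class(z) \Rightarrow x \in R\text{-}class(z) \,\}$$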

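$T_2$ is an isomorphic reformulation of $T_1$. To show this, we
exhibit an appropriate
$\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}$. First, we
introduce the function $\gamma$ with
$\gamma(R(x, y)) = x \in R\text{-}class(y)$ and
$\gamma(\neg R(x, y)) = x \notin R\text{-}class(y)$. The function
$\gamma$ is also defined in the obvious way for literals that are
instances of the patterns $R(x, y)$ and $\neg R(x, y)$, i.e., given
the constants $a$ and $b$,
$\gamma(R(a, f(b))) = a \in R\text{-}class(f(b))$.

Given the literals $\phi_1, \ldots, \phi_n$, $n \geq 1$,

$$\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(\phi_1 \vee \cdots \vee \phi_n) = \{\gamma(\phi_1) \vee \cdots \vee \gamma(\phi_n)\}.$$

Now $T_2 = \mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(T_1)$,
using the obvious extension of $\mathcal{R}$ to sets of clauses.
Therefore,
$T_1 \models \phi \Leftrightarrow T_2 \models \mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(\phi)$.
To see this, note that we can take any resolution proof of
$T_1 \vdash \phi$ and uniformly apply
$\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}$ to the clauses in
each step of the proof to obtain a proof of
$\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(T_1) \vdash \mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(\phi)$.
We can also define $\mathcal{R}_{\mathcal{L}(T_2),\mathcal{L}(T_1)}$
similarly to $\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}$ and
use it to transform any proof
$\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(T_1) \vdash \mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}(\phi)$
into a proof of $T_1 \vdash \phi$.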

ADDING REFORMULATION TO DRAT

One strategy for finding a satisfiability procedure for a theory
$T_1$ is to identify a theory $T_2$ with the following properties:
(1) a satisfiability procedure is known for $T_2$, (2) we can find a
reformulation map $\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}$
demonstrating that $T_2$ is an isomorphic reformulation of $T_1$ and
(3) $\mathcal{R}_{\mathcal{L}(T_1),\mathcal{L}(T_2)}$ is a computable
function.

The actual DRAT technique is an extension of the algorithm discussed
in section to apply the above strategy. This extension enables DRAT
to generate theories that are isomorphic reformulations of $T_C$
while searching for a set of scheme instances that is a
satisfiability procedure for $T_C$. DRAT has a library of
reformulation rules, each of which is a reformulation map. These
rules are applied to an input theory $T_C$ to construct theories that
are isomorphic reformulations of $T_C$. The extended algorithm
searches for scheme instances in these isomorphic reformulations as
well as in the original $T_C$.

Roughly, each reformulation rule is viewed as an axiom schema that
can be instantiated with nonlogical symbols and used as a rewrite
rule to reformulate a theory. To understand this view, consider the
following axiom schema in which $R$ is a parameter:

$$R(x, y) \Leftrightarrow x \in F_R(y).$$

This states that for any binary relation, there is a projection
function $F_R$ that is a mapping from individuals to sets of
individuals such that $F_R(y) = \{x \mid R(x, y)\}$.

DRAT can apply the above reformulation rule to binary relations in
$T_C$. When the rule is applied to $R$ in $T_C$, the new function
symbol $F_R$ is introduced and $T_C$ is reformulated in terms of
$F_R$. For instance, if this rule is applied to child in the family
relations problem given earlier, it will introduce a function that we
will call parents, from an individual to his or her set of parents.
DRAT uses the formula introducing parents, i.e.,
$child(x, y) \Leftrightarrow x \in parents(y)$, to reformulate the
problem, rewriting all occurrences of $child(x, y)$ to
$x \in parents(y)$.

This example reformulation rule can be applied to any binary relation
in any theory. More generally, DRAT's reformulation rules are
conditional on properties of nonlogical symbols in a theory. A
property of a nonlogical symbol is simply a first-order statement
mentioning that symbol. Before giving the general form of
reformulation rules, we introduce the function rf-symbols($T$), the
set of relation and function symbols of $T$. The rf-symbols($T$) does
not contain the symbols $=$ or $\in$, even if they are mentioned in
$T$. These are treated as special (logical) symbols in the
reformulation process.

The general form of reformulation rules is given in 
the following definition. 

Definition 6 A triple
$\langle P, Q, \theta \Leftrightarrow \psi \rangle$ is a
reformulation rule when it meets the following restrictions: (1) $P$
and $Q$ are conjunctions of clauses (both of which may be empty).
(2) $\theta$ and $\psi$ are conjunctions of literals.
(3) rf-symbols($P$) $\subseteq$ rf-symbols($\theta$) and
rf-symbols($Q$) $\subseteq$ rf-symbols($\psi$).
(4) rf-symbols($\theta$) is disjoint from rf-symbols($\psi$).
(5) $\theta$ and $\psi$ have the same variables.

Rules are symmetric in the sense that the biconditionals can be used
to introduce new symbols in “either direction.” When the parameters
in $\theta$ are instantiated with symbols in a theory $T$, the rule
is used to reformulate $T$ in terms of the new symbols in $\psi$. The
conjunction of clauses $P$ is the condition that must be true of a
theory for the reformulation rule to be used to rewrite $\theta$ as
$\psi$. When the parameters in $\psi$ are instantiated with the
symbols in $T$, the rule is used to reformulate $T$ in terms of the
new symbols in $\theta$. In this case, $Q$ is the condition that must
be true for the rule to be used.

Here is an example of a conditional reformulation rule:

$$\langle\, [x \in F(y) \Rightarrow F(y) = \{x\}],\ ,\ [x \in F(y) \Leftrightarrow x \neq \bot \wedge x = F'(y)] \,\rangle.^1$$

This rule can be applied to any theory $T$ containing a function $F$
whose range elements are sets of size one, i.e.,
$P = [x \in F(y) \Rightarrow F(y) = \{x\}]$. When applied, the rule
reformulates $T$ in terms of a function $F'$ such that $F'(y) = x$
just in case $x \in F(y)$. $Q$ is empty in this rule because the rule
can always be applied in the other direction.

$^1$ The symbol $\bot$ is used in specifying axioms about partial
functions. $F(a) = \bot$ means that $F(a)$ is undefined.

The following is an abstract description of the DRAT algorithm
extended to do reformulation:

    instances ← ∅
    T_I ← ∅
    T'_C ← T_C
    ℛ ← λ(t).t
    UNTIL empty(T'_C) DO
      EITHER
        ref-pairs ← choose-ref-pairs(T'_C)
        IF null(ref-pairs) THEN EXIT-WITH failure
        symbols, rule ← choose(ref-pairs)
        instantiated-rule ← instantiate(rule, symbols)
        T'_C ← R(instantiated-rule, T'_C)
        ℛ ← λ(t).R(instantiated-rule, ℛ(t))
      OR
        instance ← choose-instance(T'_C)
        IF null(instance) THEN EXIT-WITH failure
        instances ← union(instance, instances)
        T_I ← union(theory(instance), T_I)
      FOR EACH φ ∈ T'_C
        WHEN T_I ⊨ φ DO T'_C ← T'_C − φ
      END FOR
    END UNTIL

DRAT nondeterministically either chooses a reformulation rule and
reformulates $T'_C$ or adds the theory of the new instance to $T_I$.
Choose-instance identifies an instance by identifying properties of
the nonlogical symbols in $T'_C$. It looks for properties that appear
in the theories of schemes. For example, when the scheme library
contains a scheme one of whose axioms is
$R(x, y) \Rightarrow R(y, x)$, DRAT attempts to choose instances of
that schema by looking for binary relations in $T'_C$ that have the
symmetry property.

Choose-ref-rules uses the identified properties of nonlogical symbols
in $T'_C$ to identify reformulation rules that can be applied to
those symbols. Rules introduce new symbols as explained above.
Choose-ref-rules returns a list of $\langle symbols, rule \rangle$
pairs, where symbols is an ordered list of nonlogical symbols. Each
pair in the list can be applied to $T'_C$ by instantiating the
parameters of the rule with symbols. For a rule of the form

$$\langle P, Q, \theta \Leftrightarrow \psi \rangle,$$

symbols can either be used to instantiate the parameters in $\theta$
or in $\psi$ but not both. Conditional rules are returned only when
$T'_C$ entails their condition. Choose-ref-rules guarantees that if
symbols instantiates $\theta$ then $P$ follows from $T'_C$; if
symbols instantiates $\psi$ it guarantees that $Q$ follows.

As before, if DRAT exits with $T'_C$ empty, it has succeeded in
finding a $T_I$ equivalent to $T_C$. Otherwise, it has failed.

Again we have suppressed the issues of search by
giving a nondeterministic procedure. The search con- 
ducted by the extended algorithm is over a much larg- 
er space than the search conducted by the simple al- 
gorithm described in section . The drat implemen- 
tation with reformulation must compare alternative 
problem formulations. Fortunately, we have found 
some effective heuristics for controlling the search. See 
[VanBaalen89] or [VanBaalen91] for details. 

The procedure instantiate instantiates a rule with respect to the
nonlogical symbols in symbols to produce an instantiated-rule.
$\mathbf{R}$ is the reformulation procedure. We describe this
procedure for the case where a rule of the form

$$\langle P, Q, \theta_1 \wedge \cdots \wedge \theta_n \Leftrightarrow \psi \rangle$$

is used to rewrite occurrences of
$\theta_1 \wedge \cdots \wedge \theta_n$, the from conjunct, to
occurrences of $\psi$, the to conjunct. The procedure for applying
the rule in the other direction is obtained by reversing the
biconditional and replacing references to $P$ by references to $Q$.

Each set of unit clauses in T′_c of the form
{(θ_1)σ, ..., (θ_n)σ}, where σ is a substitution for the
variables in the θ_i, is rewritten as the set of unit
clauses (Ψ)σ. Each clause containing the literals
(¬θ_1)σ, ..., (¬θ_n)σ is rewritten to contain

After all possible occurrences are rewritten, the clauses
in Q are added to the rewritten theory.

We call a rewriting produced by ℛ complete when it
removes all of the nonlogical symbols appearing in the
from conjunct. ℛ may or may not produce a complete
rewriting. For example, given a right hand side of the
form R(f(x)), rewriting will only be complete when R
and f appear in a theory only in patterns of this form.
If the rewriting process is not complete, ℛ adds the
instantiated Θ ⇔ Ψ to the rewritten theory.

As an example of applying ℛ, consider again the rule
<[x ∈ F(y) ⇒ F(y) = {x}], ,
[x ∈ F(y) ⇔ x ≠ ⊥ ∧ x = F′(y)]>.

As noted, the condition P must follow from a theory to
reformulate F as F′ in that theory. Since the condition
Q is empty, there are no clauses to add to the resulting
theory. If the rewriting is not complete, [x ≠ ⊥ ∧
x = F′(y) ⇔ x ∈ F(y)] is added to the rewritten
theory. Since there is no condition Q, this rule can
always be used, in the other direction, to reformulate
F′ as F. In this case, P is added to the rewritten
theory. Again, the biconditional may need to be added
to the rewritten theory.

To ensure that the extended DRAT algorithm generates
only isomorphic reformulations, each reformulation
rule must be shown to generate only isomorphic
reformulations. To guarantee this, we require that,
when instantiated, each reformulation rule be an
extending definition.

Definition 7 A reformulation rule
is an extending definition if for all theories T the following
conditions hold:

1. Whenever the rf-symbols(Θ) ⊆ rf-symbols(T),
rf-symbols(Ψ) is disjoint from rf-symbols(T) and
T ⊨ P, then every model of T can be expanded to
a model of T ∪ {Θ ⇔ Ψ}.

2. Whenever the rf-symbols(Ψ) ⊆ rf-symbols(T),
rf-symbols(Θ) is disjoint from rf-symbols(T) and
T ⊨ Q, then every model of T can be extended to a
model of T ∪ {Θ ⇔ Ψ}.

Section shows that for any reformulation rule rule,
λ(t).ℛ(rule, t) is a computable function and, so long as
rule is an extending definition, that whenever a theory
T entails the appropriate condition of rule, ℛ(rule, T)
is an isomorphic reformulation of T.

The ℛ* produced by DRAT on the problem
<Σ, T_c, Φ> is the composition of reformulation maps
used by the algorithm to reformulate T_c. Since each
reformulation map generates an isomorphic reformulation,
ℛ*(T_c) is an isomorphic reformulation of T_c. Since
each step is computable, ℛ* is a computable function.

Finally we point out that, since Ψ and Θ in the
reformulation rule <P, Q, Θ ⇔ Ψ> are required to have
the same variables, ℛ*(Σ) and ℛ*(Φ) will always be
ground. However, even though Σ and Φ are conjunctions
of ground literals, ℛ*(Σ) and ℛ*(Φ) may not
be. To see this, suppose that Σ contains the literal ¬φ
and ℛ*(φ) is a conjunction. Then ¬ℛ*(φ) will be a
disjunction.

Section shows that when DRAT uses reformulation
in designing a satisfiability procedure for a problem
<Σ, T_c, Φ> and ℛ*(Σ) is a conjunction of literals,
the problem can be solved by solving
<ℛ*(Σ), ℛ*(T_c), ℛ*(Φ)>. The fact that a satisfiability
procedure for a reformulation of a problem requires
ℛ*(Σ) to be a conjunction of literals is not a
significant difficulty in the more general setting discussed
in section in which satisfiability procedures are
used in conjunction with a theorem prover.

AN EXAMPLE 

In practice, we have found that adding reformulation 
to DRAT increases its effectiveness considerably. We il- 
lustrate this with a relatively simple example excerpted 
from the DRAT implementation design of a satisfiability 
procedure for the example problem given in section . 
We illustrate the implementation’s behavior on the set 
T of clauses: 

¬married(x, x),
married(x, y) ⇒ married(y, x)
married(x, y) ∧ married(y, z) ⇒ ¬married(x, z)
married(y, x) ∧ married(z, x) ⇒ y = z
There are three schemes in DRAT’s library that are
relevant to the example. The scheme ℱ for the theory
of partial 1-1 functions with parameters F and
F′, which are inverse functions, and theory(ℱ) = {x =
F(y) ∧ x ≠ ⊥ ⇔ y = F′(x) ∧ y ≠ ⊥}; the scheme S_2
for the theory of sets of size two with S as a parameter
and theory(S_2) = {x_1 ∈ S ∧ x_2 ∈ S ∧ x_1 ≠ x_2 ⇒ S =
{x_1, x_2}}; and the scheme ℰ for the theory of equality
with uninterpreted function symbols.

The relevant reformulation rules are:
r_1 = <, , R(x, y) ⇔ y ∈ F_R(x)>
r_2 = <x ∈ F(y) ⇒ F(y) = {x}, ,
[x ∈ F(y) ⇔ x ≠ ⊥ ∧ x = F′(y)]>
r_3 = <(x ≠ ⊥ ∧ y ≠ ⊥) ⇒ x = F(y) ⇔ y = F(x), ,
[x = F(y) ⇔ F′(y) = {x, y} ∧ x ≠ y]>

As is typical in the implementation, these rules are
normally used only in one direction. As noted in section ,
r_1 reformulates a binary relation in a theory as a
function F_R onto sets: F_R(x) = {y | R(x, y)}. Also as
noted in section , when applied to a theory containing
a function F whose range elements are sets of size one,
r_2 introduces a function F′ such that F′(y) = x just in
case x ∈ F(y). The rule r_3 reformulates an F that is
its own inverse as a function F′, mapping an individual
into sets of size two such that F′(x) = {x, F(x)}.

Given the schemes above, DRAT is unable to design
a satisfiability procedure for T without reformulation.

In an effort to design a satisfiability procedure for all of 
T , the DRAT implementation repeatedly reformulates 
the problem, finally producing a formulation in terms 
of a function that we will call couple , mapping an in- 
dividual to the married couple of which he or she is a 
member. 

DRAT uses rule r_1 to reformulate T in terms of a
function that we will call spouses, a mapping from an
individual to the set of his or her spouses. ℛ(r_1, T) is
x ∉ spouses(x),
x ∈ spouses(y) ⇒ y ∈ spouses(x)
x ∈ spouses(y) ∧ y ∈ spouses(z) ⇒ x ∉ spouses(z)
y ∈ spouses(x) ∧ z ∈ spouses(x) ⇒ y = z
DRAT uses rule r_2 to reformulate ℛ(r_1, T) in terms
of a partial function that we will call spouse, a
mapping from an individual to his or her spouse.
ℛ(r_2, ℛ(r_1, T)) is
x ≠ spouse(x) ∨ x = ⊥,
x = spouse(y) ∧ x ≠ ⊥ ⇒ y = spouse(x) ∧ y ≠ ⊥
x = spouse(y) ∧ x ≠ ⊥ ∧ y = spouse(z) ∧ y ≠ ⊥
⇒ x ≠ spouse(z) ∨ x = ⊥
y = spouse(x) ∧ y ≠ ⊥ ∧ z = spouse(x) ∧ z ≠ ⊥
⇒ y = z

Note that the second and fourth clauses in this set
follow from instances of ℱ and ℰ respectively. Hence, if
DRAT were to terminate at this point, T′_c would include
only the first and third clauses.

DRAT uses rule r_3 to reformulate the above theory
in terms of the function couple. The result is
couple(x) ≠ {x, x} ∨ x = x,
couple(x) = {x, y} ∧ x ≠ y ⇒
couple(y) = {y, x} ∧ y ≠ x,
couple(x) = {x, y} ∧ x ≠ y ∧
couple(y) = {y, z} ∧ y ≠ z ⇒
couple(x) ≠ {x, z} ∨ x = z,
couple(y) = {x, y} ∧ y ≠ x ∧
couple(z) = {z, x} ∧ z ≠ x ⇒ y = z
All of the clauses in this set follow from the combination
of S_2 and an instance of ℰ containing the
uninterpreted function symbol couple. Thus, through
the use of reformulation, DRAT succeeds in designing a
satisfiability procedure for the theory T. Without
reformulation it is unable to design a procedure for any
subset of T.

STEPS TOWARDS THE 
COMPLETENESS OF DRAT 

This section proves two results towards the completeness
of DRAT. First, we show that DRAT designs satisfiability
procedures. If DRAT successfully designs a
procedure for some set of axioms T_c, then that procedure
can be used to decide the problem <Σ, T_c, Φ>
for any conjunctions of ground literals Σ and Φ. Second,
we consider the addition of reformulation to DRAT
and show that a satisfiability procedure for ℛ*(T_c) can
be used as a satisfiability procedure for T_c so long as
ℛ*(Σ) is a conjunction of literals. These results are
necessary preliminaries for the proof of completeness
in section .

DRAT DESIGNS SATISFIABILITY 
PROCEDURES 

Before proceeding to prove that DRAT designs satisfiability
procedures, we recall properties of schemes presented
thus far and discuss some additional required
properties.

Recall that a scheme for a theory T is a procedure
that decides the satisfiability of Σ ∪ T, where Σ is a
conjunction of ground literals. Given a particular Σ,
each scheme also computes the set of equalities between
constants in Σ that follow from Σ ∪ T. If T is nonconvex,
its scheme also computes disjunctions of equalities
between constants in Σ that follow from Σ ∪ T.

We call a first-order theory whose formulas contain 
no existential quantifiers a quantifier- free theory. An 
additional requirement on schemes is that their theo- 
ries be quantifier-free. As a practical matter, this is 
not a serious restriction beyond restricting schemes to 
be tractable. See [Oppen80] for further discussion of 
this point. 

The theories of schemes are also required to have 
infinite models. The equality propagation technique 
may not work if a theory has only finite models be- 
cause, given a set of constant symbols larger than the 
set of individuals in the model's domain, such a theo- 
ry implies the disjunction of equalities between those 
constant symbols. Theories with infinite models do 
not imply disjunctions of equalities between variables. 
Therefore, given a theory T with infinite models, such 
disjunctions can only follow from T U E, for some E 
whose satisfiability is being decided. Any disjunctions 
of equalities between constants that follow must in- 
volve only constants mentioned in E. This restriction 
to theories with infinite models does not appear to be 
significant. To date, we have not found any schemes 
that we could not include because they violated this 
restriction. 

The theorem proved below is similar to the theorem
given in [Nelson&Oppen79]. It differs in the
addition of the requirement that each scheme’s theory
have infinite models. The theorem appearing in
[Nelson&Oppen79] is incorrectly stated. The reason a
different proof is included here is that the proof given
in [Nelson&Oppen79] is incorrect.² We also include
our proof because the technique is much more direct
and serves as a foundation for research in progress to
extend our results.

Theorem 1 Let T_1 and T_2 be theories with no common
nonlogical symbols. If there are schemes for T_1
and T_2, there is a scheme for T_1 ∪ T_2.

Proof: We prove that the procedure described in
section for combining two schemes is a scheme for T_1 ∪
T_2. If the scheme for T_1 or T_2 reports “unsatisfiability,”
clearly Σ_1 ∪ Σ_2 ∪ T_1 ∪ T_2 is unsatisfiable and, since Σ_1 ∪
Σ_2 and Σ are cosatisfiable, Σ ∪ T_1 ∪ T_2 is unsatisfiable.
We must show that if the procedure of section reports
“satisfiable,” Σ ∪ T_1 ∪ T_2 is satisfiable. This is done by
showing how to construct a model of Σ ∪ T_1 ∪ T_2 when
the procedure reports “satisfiable.”

Let C = {c_0, ..., c_n} be the set of constant symbols
appearing in Σ_1 or Σ_2. Let E be the set of equalities
propagated by the procedure of section . As we will see,
when the procedure halts, E contains all the c_1 = c_2
such that c_1, c_2 ∈ C ∧ Σ_1 ∪ Σ_2 ∪ T_1 ∪ T_2 ⊨ c_1 = c_2. E will
also contain any equalities chosen when case splitting
occurs.

Let Ē = {c_1 = c_2 | c_1, c_2 ∈ C ∧ c_1 = c_2 ∉ E}. Since
the schemes for T_1 and T_2 reported “satisfiable,” there
are models of Σ_1 ∪ T_1 ∪ E and Σ_2 ∪ T_2 ∪ E. Let M_1 and
M_2 be models of Σ_1 ∪ T_1 ∪ E and Σ_2 ∪ T_2 ∪ E respectively
that agree on the interpretation of the equalities in Ē.
We show how to construct a model M ⊨ Σ ∪ T_1 ∪ T_2
from M_1 and M_2.

Before giving this construction, we show that it is
possible to pick an M_1 and M_2 that agree on Ē.
First note that if Ē is empty, all M_1 and M_2 agree.
Now suppose that Ē is not empty. In this case, there
exists an M_1 and an M_2 that do not satisfy any equality
in Ē. For suppose to the contrary. In particular,
suppose that every M_1 satisfies some equality
in Ē. If Ē contains exactly one equality, c_1 = c_2,
Σ_1 ∪ T_1 ∪ E ⊨ c_1 = c_2 and c_1 = c_2 ∈ E, not Ē. If Ē
contains more than one equality, Σ_1 ∪ T_1 ∪ E entails the
disjunction of equalities in Ē. But then Σ_1 ∪ T_1 ∪ E
is nonconvex which is impossible because, instead of
returning satisfiable, the algorithm in section would
have case split in this situation. This same argument
can be made for M_2 and, hence, there exists an M_2
that does not satisfy any of the equalities in Ē. Thus,
we can choose an M_1 and M_2 that agree on the interpretation
of the equalities in Ē.


² A correct version of the theorem appears in [Nelson84];
however, the proof given there is still incorrect.


Note that since M_1 and M_2 agree on the interpretation
of the equalities in E and in Ē, they agree on
the interpretation of every equality between constants
in C.

Let M_1 = <D_1, R_1, F_1, C_1>, where D_1 is the domain
of M_1, R_1 is the interpretation of relation symbols
of M_1 in D_1, F_1 is the interpretation of the
function symbols of M_1 and C_1 is the interpretation
of individual constant symbols in M_1. Similarly let
M_2 = <D_2, R_2, F_2, C_2>.

We now construct M by merging M_1 and M_2 as
follows. The domain of M is D_1 ∪ D′_2, where D′_2 is
the domain of M′_2, a modified version of M_2. M′_2
is obtained by replacing individuals in D_2 by individuals
in D_1 when they are designated by the same constant
symbol. For all constant symbols c ∈ C, replace
every occurrence of C_2(c) in D_2 by C_1(c), i.e.,
C′_2(c) = C_1(c) when c is a shared constant symbol
and C′_2(c) = C_2(c) otherwise. For all R in the domain
of R_2, let R′_2(R) be the set R_2(R) modified by
the above replacement procedure. Similarly, let F′_2 be
the new interpretation of the function symbols of M_2.
M′_2 = <D′_2, R′_2, F′_2, C′_2>.

M′_2 and M_2 are isomorphic structures because M_1
and M_2 agree on the interpretation of every equality
between constants in C. If M_1 and M_2 did not agree,
then M_2 and M′_2 would not be isomorphic. For suppose
that M_1 ⊨ c_1 = c_2 but M_2 ⊭ c_1 = c_2. Then the
two constant symbols designate the same individual in
D′_2 and different individuals in D_2 and, hence, M′_2 is
not isomorphic to M_2.

To finish the construction of M, we take M = <D_1 ∪
D′_2, R_1 ∪ R′_2, F_1 ∪ F′_2, C_1 ∪ C′_2>. Since M_1 ⊨ Σ_1 ∪ T_1
and M′_2 ⊨ Σ_2 ∪ T_2, M ⊨ Σ_1 ∪ Σ_2 ∪ T_1 ∪ T_2. Since
Σ_1 ∪ Σ_2 and Σ are cosatisfiable, M ⊨ Σ ∪ T_1 ∪ T_2 and
the proof of the theorem is complete. □

The fact that DRAT designs satisfiability procedures 
is a direct consequence of theorem 1. Since the result of 
combining two schemes is again a scheme, any number 
of schemes can be combined by this method. 

DRAT DOES ISOMORPHIC 
REFORMULATION 

This section includes the proofs of two properties of
DRAT’s reformulation procedure ℛ. These results are
sufficient to show how a satisfiability procedure generated
by DRAT for some reformulated theory can be
used to solve the original problem.

Lemma 1 If a reformulation rule (rule) is an extending
definition in T of the form <P, Q, Θ ⇔ Ψ> and
T ⊨ P, then ℛ(rule, T) is an isomorphic reformulation
of T.

Proof: The condition that must be met is that if
T ⊨ P, T ⊨ φ ⇔ ℛ(rule, T) ⊨ ℛ(rule, φ),
for any clause φ ∈ ℒ(T). We prove the equivalent fact
that if T ⊨ P,
SAT(T ∪ {¬φ}) ⇔ SAT(ℛ(rule, T) ∪ ¬ℛ(rule, φ)),

where SAT(T) means that T is satisfiable.

[⇒] If SAT(T ∪ {¬φ}), SAT(T ∪ {Θ ⇔ Ψ} ∪ {¬φ})
because, by the definition of extending definition, every
model of T can be extended to a model of T ∪ {Θ ⇔ Ψ}.
Therefore, there exists a model of T ∪ {Θ ⇔ Ψ} ∪ {¬φ}.
But

T ∪ {Θ ⇔ Ψ} ∪ {¬φ} ⊨ ℛ(rule, T) ∪ ¬ℛ(rule, φ).
Hence every model of T ∪ {Θ ⇔ Ψ} ∪ {¬φ} is a model
of ℛ(rule, T) ∪ ¬ℛ(rule, φ). Since there exists a model
of T ∪ {Θ ⇔ Ψ} ∪ {¬φ}, there exists a model of
ℛ(rule, T) ∪ ¬ℛ(rule, φ) and hence, it is satisfiable.

[⇐] The proof in this direction is similar, with the
added step of showing that every model of ℛ(rule, T) ∪
¬ℛ(rule, φ) can be extended to a model of ℛ(rule, T) ∪
{Θ ⇔ Ψ} ∪ ¬ℛ(rule, φ). Since rule is an extending
definition, every model of a theory T_1 that entails Q
can be extended to a model of T_1 ∪ {Θ ⇔ Ψ}. By
the definition of ℛ, the clauses of Q will appear in
ℛ(rule, T) and hence ℛ(rule, T) ⊨ Q. Therefore, every
model of ℛ(rule, T) can be extended to a model of
ℛ(rule, T) ∪ {Θ ⇔ Ψ}. Thus, if ℛ(rule, T) ∪ ¬ℛ(φ) is
satisfiable, so is T ∪ {¬φ}. □

It follows directly from this lemma and the fact that
extending definitions can be used in either direction,
that a reformulation rule (P ∧ Q) ⇒ [Θ ⇔ Ψ] with
the rf-symbols(Ψ) instantiated in terms of a theory T
can be used to reformulate T in terms of Θ so long as
T ⊨ Q.

Lemma 2 For any reformulation rule (rule), the
function λ(t).ℛ(rule, t) is computable.

Proof: Suppose the biconditional of rule is Θ ⇔ Ψ
and ℛ applies rule to rewrite occurrences of Ψ to
occurrences of Θ in T, as described in section . Since
rf-symbols(Θ) are disjoint from rf-symbols(T),
a rewrite step can never introduce a pattern of literals
to which rule can be applied a second time. The
rewrite is applied repeatedly until one of the following
events occurs: (1) all of the symbols in rf-symbols(Ψ)
are removed from T or (2) no new occurrences of Ψ
can be found, even though symbols in rf-symbols(Ψ)
are still present. In either case, repeated application
of the rewrite rule terminates. Hence, λ(t).ℛ(rule, t)
is computable. □

The two preceding lemmas are sufficient to show
that a satisfiability procedure for ℛ*(T_c) can be
used to solve the problem <Σ, T_c, Φ>, so long
as ℛ*(Σ) is a conjunction of ground literals. Assuming
that ℛ*(Σ) is a conjunction, the satisfiability
procedure is used to solve the problem by solving
<ℛ*(Σ), ℛ*(T_c), ℛ*(Φ)> as follows. For each φ ∈ Φ,
if ¬ℛ*(φ) is a conjunction of literals, we use the procedure
to determine if ℛ*(Σ) ∪ ℛ*(T_c) ∪ ¬ℛ*(φ) is
unsatisfiable. This is the case if and only if Σ ∪ T_c ∪ ¬φ
is unsatisfiable. If ¬ℛ*(φ) is a disjunction of literals,
the procedure is used to determine the satisfiability of
ℛ*(Σ) ∪ ℛ*(T_c) ∪ l, for each literal l ∈ ¬ℛ*(φ). If
any of these is satisfiable, ℛ*(Σ) ∪ ℛ*(T_c) ∪ ¬ℛ*(φ)
is satisfiable; otherwise it is unsatisfiable.

THE COMPLETENESS OF DRAT 

Two simplifying assumptions were made in the previous
sections. First, in definition 3, it was assumed that
a problem for DRAT was of a restricted form. Second,
it was assumed that DRAT’s success depended on designing
a satisfiability procedure for all of T_c. Both of
these assumptions are now relaxed and we show how a
literal satisfiability procedure is interfaced with a resolution
theorem prover in such a way that the
procedure/theorem prover combination is complete.

A problem for DRAT is now taken to be a pair
<T, φ>, where T is a set of first-order formulas and φ
is a first-order formula. A pair <T, φ> is interpreted
as the question, “T ⊨ φ?”

As a typical preprocessing step for resolution theorem
proving, T and ¬φ are converted to sets of clauses
which will be called F and ¬φ′ respectively. Let T_c
be the set of nonground clauses in F. As before, DRAT
is used to design a literal satisfiability procedure for
T_c. However, instead of exiting with failure if it is
unable to design a procedure for all of T_c, it returns
the satisfiability procedure and T′_c, those clauses not
incorporated into the satisfiability procedure. Also, as
before, DRAT returns the reformulation map ℛ*.

The algorithm given in section refers to the set of
clauses for which a literal satisfiability procedure has
been designed as T_f. Here that procedure is referred
to as S_{T_f}. We show how S_{T_f} is used along with a
resolution theorem prover to demonstrate the unsatisfiability
of Cl = ℛ*(F) ∪ ℛ*(¬φ′). The nonground
clauses of Cl are manipulated by the theorem prover in
the usual way, except that clauses in T_f are prohibited
from resolving with ground clauses. These resolutions
are unnecessary because S_{T_f} is a “compression” of any
resolution steps that can result from such a resolvant.

S_{T_f} is used in the manipulation of ground clauses in
Cl and ground clauses derived from Cl during theorem
proving. It is interfaced to the theorem prover via
theory resolution [Stickel85]. One type of theory resolution,
called total narrow theory resolution, requires
a decision procedure for a theory T, given a set of literals
L, to compute subsets L′ of L such that L′ ∪ T
is unsatisfiable. Such a procedure is used to compute
T-resolvants of a set of clauses as follows. Consider the
decomposition of the clauses into K_i ∨ L_i, where each
K_i is a single literal in ℒ(T) and L_i is a disjunction of
literals (possibly empty). For each subset of the K_i, say
{K_{i_1}, ..., K_{i_n}}, that is unsatisfiable in T, the clause
L_{i_1} ∨ ··· ∨ L_{i_n} is a T-resolvant.

The theorem prover constructs T_f-resolvants from
ground clauses, using S_{T_f} to compute sets of ground
literals that are unsatisfiable in T_f. Let GrL be the set
of ground unit clauses in Cl and let GrCl be the set of
ground nonunit clauses in Cl. First, the ground clauses
are separated into clauses that are in ℒ(T_f) and clauses
that are not. This is accomplished for the clauses in
GrL using the procedure described in section ; it is
accomplished for clauses in GrCl in a similar fashion.

If a ground clause c_1 contains a literal that is not
in ℒ(T_f) and a ground clause c_2 contains the negation
of that literal, the theorem prover computes the
resolvant of c_1 and c_2 in the normal way. T_f-resolvants
are computed using S_{T_f} to compute sets of ground
literals that are unsatisfiable in T_f as follows. Let GrL_{T_f}
be the set of literals in GrL that are in ℒ(T_f). Let
GrCl_{T_f} be the set of literals in ℒ(T_f) appearing in
clauses of GrCl. We input progressively larger subsets
of GrLits = GrL_{T_f} ∪ GrCl_{T_f} to S_{T_f} as long as those
sets are satisfiable in T_f. Once a set is unsatisfiable in
T_f, all supersets of it will also be unsatisfiable. When
the theorem prover deduces a new ground literal in
GrL_{T_f}, it is added to GrLits. The smallest subsets
of GrLits found to be unsatisfiable in T_f are used to
compute T_f-resolvants of ground clauses.

Theorem 2 Given the problem <Y, φ>, let S_{T_f} be
a literal satisfiability procedure for T_f ⊆ 7T(T)! If
r combined with the theorem prover will

demonstrate the unsatisfiability of Cl.

Proof: In [Stickel85], Stickel shows that, given a set
of clauses K_i ∨ L_i, if a decision procedure for a theory
T computes all subsets of the K_i that are minimally
unsatisfiable in T, total narrow theory resolution is complete.
We must show that the above procedure for computing
T_f-resolvants computes all subsets of GrLits that are
minimally unsatisfiable in T_f. Clearly, so long as S_{T_f} is
a literal satisfiability procedure, the above procedure
computes all these subsets. Thus, the completeness
result follows directly from the results of section . □

The procedure described above can be made much
more efficient. There are several refinements used by
the DRAT implementation to consider far fewer subsets
for unsatisfiability in T_f. We discuss two of these
here. One refinement is to distinguish between literals
in GrL_{T_f} and GrCl_{T_f}. First, we consider the satisfiability
of GrL_{T_f}. If this is unsatisfiable, we are done.
Otherwise, we consider progressively larger sets of literals
appearing in clauses in GrCl_{T_f}. For each such set
s, S_{T_f} is used to determine whether or not GrL_{T_f} ∪ s
is unsatisfiable in T_f.

Note that the subsets identified with this refinement
are not always minimal: it is possible for a subset of
GrCl_{T_f} union a subset of GrL_{T_f} to be unsatisfiable in
T_f. However, it turns out that completeness of theory
resolution is retained in this case, since the extraneous
literals are in GrL_{T_f} and, therefore, are unit clauses.
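
The subset search and its first refinement, as an added example (not code from the DRAT implementation). A union-find procedure for ground equalities and disequalities between constants stands in for S_{T_f}; the (K, L) clause encoding, the function names and the sample clauses are assumptions made for illustration.

```python
from itertools import combinations, product

# A ground literal is (a, b, is_eq): "a = b" if is_eq, else "a != b".
def eq(a, b): return (a, b, True)
def ne(a, b): return (a, b, False)

def satisfiable(literals):
    """Stand-in literal satisfiability procedure: ground equality over
    constants, decided with union-find (assumed theory, not DRAT's)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x
    for a, b, is_eq in literals:
        if is_eq:
            parent[find(a)] = find(b)
    return all(find(a) != find(b) for a, b, is_eq in literals if not is_eq)

def minimal_unsat_subsets(gr_lits, sat=satisfiable):
    """Try progressively larger subsets of GrLits; once a set is unsatisfiable
    its supersets are skipped, so only minimal sets are reported."""
    lits, found = sorted(set(gr_lits)), []
    for size in range(1, len(lits) + 1):
        for subset in map(frozenset, combinations(lits, size)):
            if not any(m <= subset for m in found) and not sat(subset):
                found.append(subset)
    return found

def refined_unsat_sets(gr_l, gr_cl_lits, sat=satisfiable):
    """First refinement: test the unit literals GrL alone, then grow sets s of
    literals taken from nonunit clauses and test GrL union s."""
    gr_l = frozenset(gr_l)
    if not sat(gr_l):
        return [frozenset()]
    pool, found = sorted(set(gr_cl_lits) - gr_l), []
    for size in range(1, len(pool) + 1):
        for s in map(frozenset, combinations(pool, size)):
            if not any(m <= s for m in found) and not sat(gr_l | s):
                found.append(s)
    return found

def t_resolvents(clauses, sat=satisfiable):
    """clauses: (K, L) pairs, K a theory literal, L the remaining literals.
    Each minimal unsatisfiable set of K's yields the disjunction of the L's."""
    by_key = {}
    for k, rest in clauses:
        by_key.setdefault(k, []).append(frozenset(rest))
    out = set()
    for m in minimal_unsat_subsets(by_key, sat):
        for choice in product(*(by_key[k] for k in sorted(m))):
            out.add(frozenset().union(*choice))
    return out

# Constructed sample: two unit clauses and three nonunit clauses; p, q, r
# stand for literals outside the theory's language.
SAMPLE = [
    (eq("a", "b"), []),
    (eq("b", "c"), []),
    (ne("a", "c"), ["p"]),
    (eq("c", "d"), ["q"]),
    (ne("a", "d"), ["r"]),
]

if __name__ == "__main__":
    for resolvent in sorted(t_resolvents(SAMPLE), key=sorted):
        print(" v ".join(sorted(resolvent)) or "empty clause")
```

refined_unsat_sets returns only the sets s; the unit literals are tested with every s, which is why the sets it identifies need not be minimal in the sense of minimal_unsat_subsets.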

A second simpler refinement only considers subsets
of GrCl_{T_f} each of whose elements appears in a different
clause in GrCl.

As a final point about the efficiency of the procedure
for computing subsets that are minimally unsatisfiable
in T_f, recall that schemes are required to be incremental.
Because of this, S_{T_f} is used very efficiently to
consider progressively larger sets of literals.


It is often most effective to leverage the use of S_{T_f}
by doing as much of the theorem proving as possible
at the “ground level.” The DRAT implementation uses a
“set of support” strategy which is very effective in accomplishing
this when ft is ground because it tends
to produce ground resolvants.

Summary and Ongoing Work 

We have presented a formalization of DRAT: a technique
for automatic design of satisfiability procedures.
We have shown how these procedures are interfaced to
a theorem prover so that it can, in many cases, prove
theorems more efficiently. Given Ψ, the set of axioms
of a problem, and S_{Ψ′}, a literal satisfiability procedure
designed for Ψ′ ⊆ Ψ, we have proven that for any first-order
statement φ, if Ψ ⊨ φ, the theorem prover/S_{Ψ′}
combination will prove φ.

The major steps of our argument were as follows:

1. We showed that a combination of satisfiability procedures
with certain properties is again a satisfiability
procedure.

2. We showed that the reformulation that is essential
to DRAT’s effectiveness is isomorphic reformulation
and, therefore, a satisfiability procedure of a reformulated
theory can be used to solve problems in the
original theory.

3. We proved the completeness of our technique for
combining literal satisfiability procedures with a theorem
prover. In this combination, S_{Ψ′} is used to
compute Ψ′-resolvants from ground clauses and the
theorem prover is restricted so that it does not resolve
ground clauses on literals in ℒ(Ψ′).

In our ongoing work, we are attempting to extend 
drat’s scheme combination technique. As much as 
possible, we would like to remove the restriction on 
the sharing of nonlogical symbols between component
scheme instances in combinations. We are exploring
the conditions under which limited types of overlap be- 
tween nonlogical symbols is allowed. When overlap is 
allowed, component schemes must propagate more in- 
formation than just equalities between constant sym- 
bols. In most cases where overlap is allowed and in 
which the schemes propagate at least the set of equal- 
ities between constants, it is not difficult to show the 
completeness of a propagation technique. The major 
issue that arises is proving that the propagation termi- 
nates. 

As an example, consider allowing two schemes to 
share function symbols. The schemes must propagate 
all equalities between ground terms involving shared 
function symbols. The proof technique used in section 
can be extended to prove that such schemes combined 
by an appropriately extended propagation technique 
will produce semi-decision procedures for the combi- 
nations of their theories. However, in general, it is not 
possible to prove that the propagation will terminate. 

One situation in which overlap is allowed occurs
when the theories of schemes are sets of clauses in a 
sorted first-order logic. In this case, a function symbol 
F whose range is disjoint from its domain can be shared 
between schemes because terms of the form F(F(x)) 
are not well formed and, hence, it is easy to show that 
propagation of terms involving F will terminate. 